Over time, it’s easy to become a bit out of touch with security tools. With new tools arriving on the scene daily, and updates to established tools occurring frequently, the deluge of information can be overwhelming; not to mention all of the other security fodder we process.
That said, I find it encouraging to revisit some of the really established tools to see what changes and improvements are in place. Nmap is without a doubt the classic security tool in every aspect, from quality, to longevity, to street credibility. Even Hollywood has clue when it comes to Nmap, as evidenced in Matrix, Bourne, and Die Hard films with Nmap showing up on someone’s computer screen!
One of my favorite Nmap features is the OS Identification and Application Fingerprinting capabilities. In part, this type of identification relies on the Nmap community scanning known devices and submitting signatures to be added to the Nmap databases (service probes, OS, etc.).
As of 21 July, 2009, the Nmap OS database has the following VoIP device Fingerprints:
- Fingerprint Alcatel 4035 VoIP phone
Fingerprint Sirio by Alice VoIP phone
Fingerprint AudioCodes Mediant 1000 VoIP gateway
Fingerprint Audiocodes MP-114 or MP-118 VoIP gateway
Fingerprint Avaya G350 Media Gateway (VoIP gateway)
Fingerprint Avaya Office IP403 VoIP gateway
Fingerprint Avaya Office IP500 VoIP gateway
Fingerprint Aastra 480i GT or 9133i IP phone
Fingerprint Inter-tel 8662 VoIP phone
Fingerprint Comtrend CT-800 VoIP gateway
Fingerprint D-Link DVG-4022S VoIP gateway
Fingerprint Grandstream HandyTone HT-488 analog VoIP adapter
Fingerprint Grandstream BudgeTone 100 VoIP phone
Fingerprint Grandstream BudgeTone 100 VoIP phone
Fingerprint Grandstream GXP2000 VoIP phone
Fingerprint Grandstream GXP2020 VoIP phone
Fingerprint Thomson ST 2020 or 2030 VoIP phone
Fingerprint Interbell IB-305 VoIP phone
Fingerprint Linksys PAP2T VoIP router
Fingerprint Linksys SPA901 or SPA921 SIP VoIP phone
Fingerprint Linksys SPA942, SPA962, or SPA9000 VoIP phone; SPA3102 VoIP gateway; or Sipura SPA-2100 or SPA-2101 VoIP adapter
Fingerprint Mitel 3300 CXi VoIP PBX
Fingerprint Netcomm V300 VoIP gateway
Fingerprint Neuf Box Trio3D DSL modem/router/VoIP/TV
Fingerprint Nortel CS1000M VoIP PBX or Xerox Phaser 8560DT printer
Fingerprint Patton SmartNode 4960 VoIP gateway (SmartWare 4.2)
Fingerprint Perfectone IP-301 VoIP phone
Fingerprint Planet VIP-154T VoIP phone (MicroC/OS-II)
Fingerprint Polycom SoundPoint IP 301 VoIP phone
Fingerprint Polycom SoundPoint IP 301 VoIP phone
Fingerprint Polycom SoundPoint IP 430 VoIP phone
Fingerprint PORTech GSM VoIP gateway
Fingerprint PORTech MV-374 GSM-SIP VoIP gateway
Fingerprint Samsung OfficeServ 7200 VoIP gateway
Fingerprint ShoreTel ShoreGear-T1 VoIP switch
Fingerprint Siemens HiPath optiPoint 400 VoIP phone
Fingerprint Sipura SPA-1001 or SPA-3000 VoIP adapter
Fingerprint Sipura SPA-3000 VoIP adapter
Fingerprint Thomson Symbio VoIP phone
Fingerprint Vegastream Vega 400 VoIP Gateway
Also, it’s well worth taking a look at the VoIP devices identified in the Nmap Service Probes database as services that identify a VoIP device do not necessarily mean that the VoIP device has a fingerprint. In other words, there are VoIP devices in the Service Probes database that are not in the OS Fingerprint database, so look carefully!
For even more coolness, be sure to check out the NSE.
Wrapping-up, I’ve nothing less than mad props for Fyodor and all of the other folks who’ve contributed to this fantastic tool. Nmap was one of the first tools I used 10 years ago when first cutting my teeth in security, and remarkably, is a tool that I continue to use almost daily.